Networker

Re: [Networker] DMZ backup not working

2005-12-09 07:01:11
Subject: Re: [Networker] DMZ backup not working
From: Davina Treiber <DavinaTreiber AT PEEVRO.CO DOT UK>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Fri, 9 Dec 2005 11:47:58 +0000
Anuj Mediratta wrote:
> Hi,
>
> 1. NAT should be disabled.
> 2. For communication, you should open all ports irrespective of any calculations - 10001-30001.
> 3. Configure these selected ports in the networker window by selecting the same for the given client. Options->configure ports.


I don't like doing this, but this is the second time in recent days that I have had to advise someone to ignore advice from this user, on the grounds that it is totally wrong.

The port range from 10001 to 30001 is a range of SOURCE ports, not destination ports. Most (possibly all?) firewalls don't filter on source ports so in most (all?) cases it is NOT necessary or even useful to open this port range.

Here is my own summary of port usage for firewall backups:

(1) The service port range setting on the client needs to be 7937-7938

(2) The service port range on the server - adjust to taste based on all the other info supplied from various sources. Leave it as the full range if you are allowed.

(3) Connection ports - unless your firewall is doing filtering based on source ports there is no need to mess with it, just use the defaults.

(4) There is no need to open up connection ports in the firewall, even at 7.1.x. Connection ports are SOURCE ports.

(5) If you run nsrports on the NetWorker server to modify a port range you MUST restart NetWorker. I have not seen this documented anywhere and this wasted several days of my time. I only discovered this by guesswork. I am not sure whether the same applies for clients, I think not. I don't know whether or not it applies to storage nodes.
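The port summary above can be turned into a rule-set check for a firewall that filters on destination port only. This is an added example, not part of the original post: the `Rule` format, the sample rule sets and the server service range 7937-7999 are constructed, and it assumes each side connects to the other side's service ports.

```python
from dataclasses import dataclass

CLIENT_SERVICE = (7937, 7938)    # client service port range (from the post)
CONNECTION_SRC = (10001, 30001)  # connection ports: SOURCE ports (from the post)

@dataclass(frozen=True)
class Rule:                      # hypothetical rule format, destination ports only
    direction: str               # "server->client" or "client->server"
    lo: int
    hi: int

def covered(span, rules):
    """True if rules together allow every destination port in span."""
    nxt = span[0]
    for r in sorted(rules, key=lambda r: r.lo):
        if r.lo > nxt:
            break                # gap before this rule starts
        nxt = max(nxt, r.hi + 1)
    return nxt > span[1]

def audit(rules, server_service):
    """Return (directions missing a needed opening, rules opening only source ports)."""
    needed = {"server->client": CLIENT_SERVICE, "client->server": server_service}
    missing = [d for d, span in needed.items()
               if not covered(span, [r for r in rules if r.direction == d])]
    unnecessary = []
    for r in rules:
        lo, hi = needed[r.direction]
        serves_need = r.lo <= hi and r.hi >= lo
        in_source_range = r.lo <= CONNECTION_SRC[1] and r.hi >= CONNECTION_SRC[0]
        if in_source_range and not serves_need:
            unnecessary.append(r)
    return missing, unnecessary

SERVER_SERVICE = (7937, 7999)    # constructed value; the post says adjust to taste
QUOTED_ADVICE = [Rule("server->client", 10001, 30001),
                 Rule("client->server", 10001, 30001)]
SUMMARY_RULES = [Rule("server->client", 7937, 7938),
                 Rule("client->server", 7937, 7999)]

if __name__ == "__main__":
    for name, rules in [("quoted advice", QUOTED_ADVICE), ("summary", SUMMARY_RULES)]:
        missing, unnecessary = audit(rules, SERVER_SERVICE)
        print(name, "| missing:", missing, "| unnecessary:", unnecessary)
```

Opening only 10001-30001 as destination ports leaves both service ranges blocked while exposing ports nothing listens on; the rule set built from the summary passes with no findings.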
